Published Release Notes

New landing page allows you to customize the presentation of quality metrics

From the new Application: Quality Settings landing page, you can specify which built-in apps to include for testing. You can also modify the date range for graphs on the Application Quality, Application: Test coverage, and Application: Unit testing landing pages. Additionally, you can specify how many days the tests are considered current to be included on the Application Quality dashboard and in reports. By configuring how quality metrics are displayed, you can customize data presentation according to your needs, which can help improve the quality of your application.

For more information, see Application: Quality Settings landing page.

PegaWAI ruleset deprecated in 8.5

Accessibility functions that were contained in the PegaWAI ruleset are now integrated into the main Pega Platform™. Consequently, the user interface in your applications now features accessibility functions out of the box, so you no longer need to use the PegaWAI ruleset to ensure accessible behavior in your application.

For more information, see Building an accessible UI.

Personalized table views

You can now configure tables so that users can personalize table views at run time. Users can specify which columns to display, resize and reorder columns, and set an initial sort order and initial column filter. When users save these personalized settings, the table displays the personalized view each time that users access the table.

Personalizing table views can help users work more efficiently by providing greater control over what data they see and how it is presented.

For more information, see Configuring a table for personalization.

Select or edit a label format at run time

At run time in App Studio, when you edit a control, you can now select a new label format for the control or edit the currently selected label format. This change provides you with the flexibility to update control labels in real time as you process cases.

For more information, see Styling controls at run time.

Preview and select icons with the icon class picker

To see the standard, predefined icons that are available for a Button, Link, or Icon control, use the Open the icon class picker icon on the General tab of the Properties panel. From an overlay of icons, you can then select the one that is most appropriate for your control. By using a predefined icon, you bring greater consistency to your user interface and help users more easily understand the purpose of each control.

For more information, see Previewing and selecting predefined icons with the icon class picker.

Requestor pools management in Designer Studio

On the new Requestor Pools landing page, you can view and manage requestor pools across the cluster, including on the current node and remote nodes. By using this landing page, you can tune the requestor pools to improve the performance of services. You can clear the requestor pool for a service package and view the requestor pool basic metrics and configured thresholds.

For more information, see Requestor pools management, Clearing a requestor pool, Viewing details for a requestor pool, Tuning a requestor pool configuration.

Update activity for button and link formats

To update existing Button controls or Link controls to current, simplified formats (Strong, Standard, and Simple), use the pzUpdateButtonLinkFormats activity. Using the report definition and other parameters that you specify, the system retrieves the sections to be converted, loops through each section rule to find Button controls and Link controls, and updates their formats.

For more information, see Updated button and link formats and Update-Button-Link-Formats.

Support for application-specific REST API calls

You can now call an authenticated REST API in the context of any application that is listed on an operator record by using the application alias URL. With the application alias URL, you can also develop REST services without changing the access group in the service package. REST services run in the context of the access group that points to the provided application, instead of the access group that is specified in the service package.

For more information, see Invoking a REST service rule.

Automatic separation of date input

Date fields in Date Time controls now automatically divide strings of input into days, months, and years. In single fields, the system adds slashes (/) as the user types the value. For example, an input string of 10102020 becomes 10/10/2020. In separate day/month/year fields, the system automatically switches from one field to the next as the user types the value. This enhancement improves the user experience by helping to users provide input in a more convenient and time-efficient manner.

For more information, see Configuring a Date Time control.

Improvements to OAuth 2.0 Services with Token Introspection Service and Token Denylist Service

Increase the security of user sessions by using the newly supported Token Introspection and Denylist services for OAuth 2.0.

Token Introspection service

Use the Token Introspection service to validate JSON Web Tokens (JWT). The Token Introspection service requires authentication. 

Pega now uses OAuth 2.0 access tokens called Authorized Access Tokens (AAT). 

Token Introspection service endpoint

The Token Introspection service endpoint provides the information about the status of access token and refresh token. Token introspection can be used to validate if a given token is still active or inactive. The token introspection endpoint determines whether the token is valid. The status indicates whether an access token or refresh token is valid or invalid: 

• Valid tokens have the “active”:true status
• Invalid tokens have the “active” :false status.

The inactive status can also be due to revocation. 

Token Denylist service

You can add tokens to the deny list in cases where suspicious activity might have occurred. The Token Denylist service provides a method for denying user access to the application by revoking the user's access token. This service can prevent a token from being used more than the specified number of times, which can be helpful in preventing replay attacks. Stolen tokens should be revoked using this service. A GET API is also available to get the list of denied tokens.

Keys endpoint

Pega Platform™ is changing from using opaque tokens to JSON Web (JWT) tokens. If this JWT is used by any other system, the public key is needed for signature verification. A new endpoint is exposed to provide these public keys in JWK format: https://host:port/prweb/api/oauth2/v1/token/keys.

For more information, see OAuth 2.0 Management Services.